West Midlands Pension Fund Internal Audit Plan 2020-2021 - Sensitivity: NOT PROTECTIVELY MARKED

Page created by Harold Wang
 

  West Midlands Pension Fund
  Internal Audit Plan 2020-2021

       Index

   1   Introduction
   2   Assessing the effectiveness of risk management and governance
   3   Assessing the effectiveness of the system of control
   4   Identifying the Fund’s objectives and risks
   5   Framework of assurance
   6   Development of the internal audit plan
   7   Considerations of the Pensions Committee, Board and senior management
   8   How the internal audit plan will be delivered
   9   The internal audit plan

  1.    Introduction
  1.1   The purpose of internal audit is to provide the Director, Pensions Committee, Board and
        Section 151 Officer with an independent and objective opinion on risk management, control
        and governance and their effectiveness in achieving the Fund’s agreed objectives. In order
        to provide this opinion, we are required to review annually the risk management and
        governance processes within the Fund. We also need to review on a cyclical basis, the
        operation of the internal control systems. It should be pointed out that internal audit is not a
        substitute for effective internal control. The true role of internal audit is to contribute to
        internal control by examining, evaluating and reporting to management on its adequacy and
        effectiveness.
  1.2   The purpose of this document is to provide the Fund with an internal audit plan for the
        2020-2021 financial year. This plan has been subject to Senior Management Team approval
        and individual audit dates and timings will be agreed with individual managers during the
        year. It should be noted that the plan has been considered and amended in response to the
        early implications arising from Covid-19. The plan will continue to be reviewed throughout
        the year in order to identify if further issues arise from Covid-19 related matters.
  2.    Assessing the effectiveness of risk management and governance
  2.1   The effectiveness of risk management and governance will be reviewed, where appropriate,
        annually, to gather evidence to support our opinion to the Director, Pensions Committee,
        Board and Section 151 Officer. This opinion is reflected in the general level of assurance
        given in our annual report and where appropriate within separate reports in areas that will
        touch upon risk management and governance.

  3.    Assessing the effectiveness of the system of control
  3.1   In order to be adequate and effective, management should:

         •  Establish and monitor the achievement of the Fund’s objectives and facilitate
            policy and decision making.
         •  Identify, assess and manage the risks to achieving the Fund’s objectives.
         •  Ensure the economical, effective and efficient use of resources.
         •  Ensure compliance with established policies, procedures, laws and regulations.
         •  Safeguard the Fund’s assets and interests from losses of all kinds, including
            those arising from fraud, irregularity or corruption.
         •  Ensure the integrity and reliability of information, accounts and data.

        The plan contained in this report is our assessment of the audit work required to measure,
        evaluate and report on the effectiveness of risk management, governance and internal
        control.

  4.    The assessment of assurance needs - identifying the Fund’s
        objectives and the associated risks
  4.1   Internal audit should encompass the whole internal control system and not be limited to
        only financial controls. The scope of internal audit work should reflect the key objectives
        of the Fund and the key risks it faces.

        The following are the Fund’s Core Objectives:

          •       P Partnering for success

          •       R Responsible asset owner, employer and local community partner

          •       I Investing to increase capacity

          •       D Drive efficiencies and cost savings

          •       E Engage to improve outcomes for customers

  4.2   These objectives are achieved by the implementation of effective management processes
        and through the operation of a sound system of internal control.
        The Fund has identified the following key risks which may potentially impact on its ability to
        achieve its objectives:

        WMPF Key Risks: extract from latest risk register
        Pooling:
              •    Transition timeline slips causing additional cost/ resource on the fund
              •    Investments not reflecting the Fund’s investment strategy, putting investment returns at risk
              •    Resourcing – insufficient resources to manage legacy assets
              •    Ineffective strategy or investment requirements leading to stalling with transition of assets and
                   possible failure to deliver cost savings
              •    Stakeholder delay on key issues leading to ineffective decision making and partnership working
              •    Cost savings fail to be delivered - higher regularity and other costs, anticipated savings do not
                   materialise

        Investments:

              •    Fund not achieving investment returns in line with longer term strategic objectives
              •    Brexit Uncertainty
              •    Climate Change

        Finance:

              •    Non-payment or receipt of monies due to the Fund

        Governance:

            •    Change in government policy / LGPS reforms
            •    Fund resource and key main risks including failure to recruit and retain staff with the right
                 experience, qualification and skill sets
            •    Outcomes from the McCloud and Sargeant court cases impacting on funding and resource
                 where data remedy is required

        Operations

            •    Failure to adhere to statutory regularity requirements
            •    Poor quality and / or late deliveries / upgrades by PAS provider leading to an inability to process
                 member data creating backlog and /or delays

        Pensions Services

            •    Failure to adhere to the Pensions Administration Strategy

  5.    The framework of assurance
  5.1   The framework of assurance aims to satisfy an organisation that the risks to its objectives
        and the risks inherent in undertaking its work, have been properly identified and are being
        managed by controls that are adequately designed and effective in operation. The
        assurance framework will comprise a variety of sources and not only the work of internal
        audit.
        In addition, we work closely with our partner funds to ensure that the LGPSC Pool has an
        appropriate assurance framework. This includes membership of the Internal Audit Working
        Group.
        We also work with the Fund’s external auditors to share knowledge and audit information.

        Assessing the risk of auditable areas within the assurance framework
  5.2   Risk is defined as “The threat that an event or action will adversely affect an organisation’s
        ability to achieve its business objectives and execute its strategies.”
         (Source: Economist Intelligence Unit - Executive Briefing)

  5.3   There are a number of key factors for assessing the degree of assurance need within the
        auditable area. These have been used in our calculation for each auditable area and are
        based on the following factors:

                •   Materiality
                •   Business impact
                •   Audit experience
                •   Risk
                •   Potential for fraud

  5.4   In this model, the assignment of the relative values is translated into an assessment of
        assurance need. The ratings used are high, medium or low, and they establish the frequency of
        internal audit coverage.

  6.    Developing an internal audit plan
  6.1   The internal audit plan is based, wherever possible, on management’s risk priorities, as set out
        in the Fund’s own risk analysis/assessment. The plan has been designed to, wherever
        possible, cover the key risks identified by such risk analysis.
  6.2   In establishing the plan, the relationship between risk and frequency of audit remains absolute.
        The level of risk will always determine the frequency by which auditable themes and areas will
        be subject to audit. This ensures that key risk themes and areas are looked at on a frequent
        basis. The aim of this approach is to ensure the maximum level of assurance can be provided
        with the minimum level of audit coverage.
        It is recognised that a good internal audit plan should achieve a balance between clearly
        setting out the planned audit work and retaining flexibility to respond to changing risks and
        priorities during the year.
        Auditor’s judgement will be applied in assessing the number of days required for each audit
        identified in the plan.
  6.3   Included within the plan, in addition to audit days for field assignments are:
        • a small contingency allocation, which will be utilised when the need arises, for example,
            special projects, investigations, advice and assistance, unplanned and ad-hoc work as and
            when requested.
        • a follow-up allocation, which will be utilised to assess the degree of implementation
            achieved in relation to key recommendations agreed by management during the prior year.
        • an audit management allocation, which is used for management, quality control, client and
            external audit liaison and for preparation for, and attendance at various management
            meetings and committees etc.

  7.    Considerations required of the Pensions Committee, Board and
        senior management

         •  Does the plan include all the areas which would be expected to be subject to internal
            audit?
         •  Does the plan cover the key risks as they are recognised?
         •  Is the allocation of audit resource accepted, and agreed as appropriate, given the level
            of risk identified?

  8.    How the internal audit service will be delivered

        Resources required
        The audit plan will be delivered by the City of Wolverhampton Council’s internal audit team.

        Communication of results
        The outcome of internal audit reviews is communicated by way of a written report on each
        assignment undertaken. However, should a serious matter come to light, this will be
        reported to the appropriate level of management without delay.
        Staffing
        Employees are recruited, trained and provided with opportunities for continuing professional
        development and are sponsored to undertake relevant professional qualifications. All
        employees are subject to the Council’s appraisal scheme, which leads to an identification of
        training needs. In this way, we ensure that employees are suitably skilled to deliver the
        internal audit service. This includes the delivery of specialist skills which are provided by
        staff within the service with the relevant knowledge, skills and experience.

        Quality assurance
        All audit work undertaken is subject to robust quality assurance procedures as required by the
        Public Sector Internal Audit Standards.
        Combined assurance
        We will work in conjunction with the company’s external auditors and other assurance
        providers to ensure that the assurance both internal and external audit can provide, is
        focussed in the most efficient manner and that any duplication is eliminated.

  9.    Proposed Audit Services Plan 2020-2021

    Audit Area       Audit                                                                 Risk
                                                                                           Rating
    Governance       Risk Management                                                       High
                     To provide assurance that revised risk management
                     arrangements and reporting are robust and fully reflect Fund
                     operations. The review will include two audits:
                     •   Governance and Administration risks.
                     •   Investment risks
    Operations       Cyber Security                                                        High
                     To review Fund procedures to ensure compliance with the
                     Pension Regulator’s new single code of practice (this details that
                     funds should not be reliant upon their administering authority’s
                     policy). Additionally, a review of operational security measures,
                     including working from home in response to Covid-19.
    Operations /     Integrated Transport Authority / Main Fund merger                     High
    Finance          To review the processes for the merger of the ITA with WMPF,
                     ensuring adherence to the agreed project plan.
    Pensions         Guaranteed Minimum Pension Project – Reconciliations                  High
    Administration
                     A review of processes to correct employee data following the
                     completion of the GMP reconciliation exercise.
    Pensions         Covenants                                                             High
    Administration
                     To ensure the Fund have a robust framework to monitor and
                     adjust covenants in accordance with the triennial valuation.
    Operations       Transfer Outs                                                         Medium
                     To review the controls and processes for members who select to
                     transfer their pension out of the Fund.
    Finance          Investments review                                                    Medium
                     Management arrangements for investments retained by the Fund
    Finance          System access arrangements                                            Medium
                     To ensure appropriate controls are in place to allow access and
                     authorisation of transactions.
    Other Related Internal Audit Work

    Follow up        To review the implementation of agreed actions from the previous financial
    Reviews          year (extended review for the Finance audits undertaken)
    Counter Fraud    To oversee the Cabinet Office’s National Fraud Initiative exercise on behalf of
                     the Pension Fund and any other work relating to counter fraud as requested
                     by management.

    Contingency     Special projects, advice and assistance as and when required
    and
    Consultancy

    Pensions /      The preparation of committee reports and attendance at committee
    Board reports
    Management      The management of the internal audit function